Flaws in recent Linux kernels
ft at sinneswandel.de
Fri Oct 19 06:55:10 PDT 2001
> This ptrace exploit works very well on kernel equal or under 2.2.18.
> Look inside the source code : it uses passwd program by default.
> You can change it by another program with the +s flag like ping (tested)
> (#define VICTIM "/usr/bin/passwd" )
sorry, this is a new exploit, published yesterday (or so) on buqtraq. and
yes, its tested with ping and other setuid-progs - didnt work with
2.2.19+ow+stealth, 2.4.6, 2.4.10, 2.4.12+preempt on my systems.
CoreOS 1.2.0 hat diese E-Mail auf Viren ueberprueft.
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message
More information about the lfs-security